<& Elements/Header, Title => loc("New Observation") &>
<SCRIPT LANGUAGE="JavaScript">
<!--
/**
 * Decide whether a form field looks like a bare host name or IPv4 address
 * rather than a URL. Used only to toggle the port/protocol rows.
 *
 * This is a display hint, not input validation: the host/IP pattern is
 * unanchored (it matches anywhere in the text) and accepts any one-to-three
 * digit octet, so values such as 999.1.1.1 pass. Whatever receives the form
 * must validate the data itself.
 *
 * @param {{value: string}} val - the input element (anything with a .value)
 * @returns {boolean} true when the text contains a host/IP-like token and
 *                    does not start with "http" or "https"
 */
function isIp(val) {
    var text = val.value;
    var hostOrIp = /[a-z0-9.-]+\.[a-z]{2,5}|(([1-9][0-9]{0,2})|0)\.(([1-9][0-9]{0,2})|0)\.(([1-9][0-9]{0,2})|0)\.(([1-9][0-9]{0,2})|0)/;
    var urlScheme = /^https?/;

    // Only the very start of the field is checked for a scheme, so a list
    // whose first entry is an address still counts as "IP-like".
    return hostOrIp.test(text) && !urlScheme.test(text);
}
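/**
 * Hide the element with the given id by setting visibility to 'hidden'.
 *
 * visibility:hidden only stops the element being drawn; an input inside it
 * stays in the form and is still submitted, so the receiving handler cannot
 * assume a hidden field arrives empty.
 *
 * @param {string} obj - id of the element to hide
 */
function hide(obj) {
    // Declared locally: assigning to an undeclared name created a page-wide
    // global that any other script could read or overwrite.
    var target = document.getElementById(obj);

    // A missing id used to throw and abort the onload handler.
    if (!target) {
        return;
    }
    target.style.visibility = 'hidden';
}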
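/**
 * Make the element with the given id visible again.
 *
 * @param {string} obj - id of the element to show
 */
function show(obj) {
    // Declared locally: assigning to an undeclared name created a page-wide
    // global that any other script could read or overwrite.
    var target = document.getElementById(obj);

    // A missing id used to throw; treat it as nothing to show.
    if (!target) {
        return;
    }
    target.style.visibility = 'visible';
}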

/**
 * Show the port list and protocol rows when the field looks like a host or
 * IP address, and hide them otherwise.
 *
 * @param {{value: string}} optionValue - the input element being checked
 */
function show_me(optionValue) {
    // Pick the action once, then apply it to both optional rows.
    var toggle = isIp(optionValue) ? show : hide;
    toggle('portlist');
    toggle('protocol');
}
/**
 * Hide both optional rows (port list and protocol).
 */
function hide_me() {
    var rowIds = ['portlist', 'protocol'];
    for (var i = 0; i < rowIds.length; i++) {
        hide(rowIds[i]);
    }
}

// Start with the port/protocol rows hidden once the page has loaded.
// Assigning window.onload replaces any handler already stored in that property.
window.onload = hide_me;
// -->
</SCRIPT>
<h3>Getting Started</h3>
<ul>
    <li>Sometimes less is more</li>
    <li>Don't get stuck on where the data might end up</li>
    <li>Extra context can always go in the "details" box</li>
    <li>Let the system handle the rest, we're just documenting observations here</li>
</ul>
<h3>Document the Observation</h3>
<table>
<form method="post" enctype="multipart/form-data" action="Submission.html">
    <tr>
    <td><b>Assessment</b></td>
    <td>
        <select name='assessment'>
% foreach my $p (@{$assessments}){
% my $selected = '';
% if(lc($p) eq lc($d_assessment)){ $selected = " selected='selected'"; }
            <option value='<%$p%>'<%$selected%>><%$p%></option>
% }
        </select><br/>
        <i>closest that's appropriate, best estimate</i>
    </td>
    </tr>
    <tr>
        <td><b>Data</b></td>
        <td>
            <input onBlur=show_me(this) type='text' size=80 name="data" value="<%$data%>" title="ip's, domains, urls"/>
            <br><i>eg: 192.168.1.1,https://www.baddomain.com/bad.aspx</i>
        </td>
    </tr>

    <tr>
        <td><b>Tags</b></td>
        <td>
        <input title="short one-word descriptions work best" name='description' type='text' size=80 value="<% $description %>" name="Object-RT::Ticket--CustomField-<% $cf %>-Values" id="Object-RT::Ticket--CustomField-<%$cf%>-Values" /><div id
="Object-RT::Ticket--CustomField-<%$cf%>-Choices" class="autocomplete"></div>
    <script type="text/javascript">
    new Ajax.Autocompleter(
        "Object-RT::Ticket--CustomField-<%$cf%>-Values",
            "Object-RT::Ticket--CustomField-<%$cf%>-Choices",
                "<% RT->Config->Get('WebPath')%>/Helpers/Autocomplete/CustomFieldValues",
                    { tokens: [ '\s' ] }
                    );
                    </script>
        <br><i>eg: torpig, zeus, spyeye, paypal, etc... <b>1-2, no more than 2</b></i>
        </td>
    </tr>
    <tr>
        <td><b>Details</b></td>
        <td>
            <& /Elements/MessageBox, Default => $ARGS{'ReferenceDescription'}, Name => 'ReferenceDescription' &>
            <br><i>e.g. full message headers, analysis, etc...</i>
        </td>
    </tr>
    <tr>
        <td>attachment</td>
        <td><input name="Attach" type="file"/>
            <br><i>any supporting doc, reports, pdf's, binaries, etc... </i>
        </td>
    </tr>
    <tr id="portlist">
        <td>Portlist</td>
        <td>
            <input title="the entire list will be tagged against each data entered" type='text' size=80 name='portlist' value="<%$portlist%>">
            <br><i>eg: 21,22,80-89</i>
        </td>
    </tr>
    <tr id="protocol">
        <td>Protocol</td>
        <td>
            <input type='text' size=80 name='protocol' value="<% $protocol %>">
            <br><i>eg: tcp/udp/other</i>
        </td>
    </tr>
</table>
<h3>Sharing Information</h3>
<table>
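    <tr>
        <td><b>Group</b></td>
        <td>
%# @sorted holds the current user's DutyTeam group ids, lowest priority value
%# first; the first entry is pre-selected.
            <select name='group'>
% foreach(@sorted){
% my $selected = ($sorted[0] eq $_) ? " selected='selected'" : '';
                <option value='<% $_ %>'<% $selected %>><% $_ %></option>
% }
            </select>
        </td>
%# The row was never closed before the next <tr> opened.
    </tr>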
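    <tr>
        <td><b>Restriction</b></td>
        <td>
%# One option per key of $rmap except 'default'; the 'default' entry names
%# the restriction that is pre-selected.
        <select name='restriction'>
% my $d_restriction = uc($rmap->{'default'});
% foreach my $restriction (keys %$rmap){
% $restriction = uc($restriction);
% next if($restriction eq 'DEFAULT');
% my $selected = '';
% if($restriction eq $d_restriction){ $selected = " selected='selected'"; }
            <option value='<%$rmap->{lc($restriction)}%>'<%$selected%>><%$restriction%></option>
% }
        </select>
%# $sharing_policy comes from site config or the built-in default URL. The
%# link opens a new tab, so rel="noopener noreferrer" keeps the opened page
%# from reaching back to this form through window.opener. The outer <i> was
%# never closed and is closed here.
        <i>details about the <a href="<%$sharing_policy%>" target="_blank" rel="noopener noreferrer"><i>Sharing Policy</i></a></i><br/>
    </td>
    </tr>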

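    <tr>
        <td><b>Permission<br>to share</b></td>
        <td>
%# One checkbox per entry of $share_with (site config or the built-in
%# default). Keys are sorted so the boxes render in the same order each time.
% foreach (sort keys %$share_with){
% my $checked = ($share_with->{$_}->{'checked'}) ? ' checked="checked"' : '';
%# A stray double quote after the checked attribute used to leave the tag malformed.
            <input type="checkbox" name="sharewith" value="<% $_ %>"<% $checked %> /><% $share_with->{$_}->{'description'} %><br/>
% }
        </td>
    </tr>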
    <tr>
        <td></td>
        <td><& /Elements/Submit, Label => loc("Submit")&></td>
    </tr>
</table>
</form>

<%INIT>
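use RT::CustomField;

# Resolve the 'ReportDescription' custom field to its id; the template uses
# that id to build the element ids wired to the tag autocompleter.
my $cf = RT::CustomField->new($session{'CurrentUser'});
$cf->Load('ReportDescription');
$cf = $cf->Id();

# Restriction choices offered in the form. Site config wins; otherwise fall
# back to this mapping. The 'default' entry names the pre-selected choice.
my $rmap = RT->Config->Get('CIFMinimal_RestrictionMapping');
unless($rmap){
    $rmap = {
        'default'         => 'private',
        'need-to-know'    => 'need-to-know',
        'private'         => 'private',
        'public'          => 'public',
    };
}

my $assessments = RT->Config->Get('CIFMinimal_Assessments') || ['botnet/C2','malware/exploit','scanner/bruteforcer','hijacked','phishing','fastflux','suspicious','whitelist'];
# 'CIFMinimal_DefaultAssesment' (single "s") is the key this component reads;
# a config entry spelled differently is ignored.
# NOTE(review): the fallback 'botnet' equals none of the fallback assessments
# above ('botnet/C2'), and the template compares for equality, so with the
# built-in values no option is marked selected -- confirm this is intended.
my $d_assessment = RT->Config->Get('CIFMinimal_DefaultAssesment') || 'botnet';
my $sharing_policy = RT->Config->Get('CIFMinimal_DefaultSharingPolicy') || 'http://en.wikipedia.org/wiki/Traffic_Light_Protocol';

# Collect the current user's "DutyTeam <id>" groups, keyed by lower-cased id,
# with the group's CIFGroupPriority as the value.
# NOTE(review): this list only populates the 'group' select. The handler
# behind Submission.html is not visible here; confirm it re-checks the posted
# group against the user's own groups rather than trusting the form.
my $user = $session{'CurrentUser'}->UserObj();
my $g = $user->OwnGroups();
my $groups = {};
while(my $grp = $g->Next()){
    # Take the capture from this match only. After a failed match $1 still
    # holds whatever an earlier successful match left there, so reading it
    # unconditionally could list a team id that does not belong to this group.
    my ($team) = $grp->Name() =~ m/^DutyTeam (\S+)/;
    next unless($team);
    my $guid = lc($team);
    my $priority        = $grp->FirstCustomFieldValue('CIFGroupPriority');
    $groups->{$guid}    = $priority;
}

# Groups without a priority sort last-ish: they get 100.
foreach my $guid (keys %$groups){
    unless(defined($groups->{$guid})){
        $groups->{$guid} = 100;
    }
}
# Lowest priority value first; the template pre-selects the first entry.
my @sorted = sort { $groups->{$a} <=> $groups->{$b} } keys %$groups;

# Sharing checkboxes: site config, or these two defaults (both ticked).
my $share_with = RT->Config->Get('CIFMinimal_ShareWith') || {
    leo         => {
        description => 'Anonymized with Trusted Law Enforcement',
        checked     => 1,
    },
    partners    => {
        description => 'Anonymized with Trusted Mitigation Partners',
        checked     => 1,
    }
};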
</%INIT>

<%ARGS>
# Request parameters, each defaulting to the empty string. $portlist, $data,
# $description and $protocol are written back into value="..." attributes of
# the form above through <% %> substitutions.
# NOTE(review): that is only safe if the site's default escape flag
# HTML-escapes <% %> output -- confirm against the handler configuration.
# @results and the $restriction argument are not referenced in the visible
# part of this component (the template's $restriction is a loop variable).
$portlist => ''
$data => ''
$description => ''
$protocol => ''
@results => ''
$restriction => ''
</%ARGS>

